Mutually assured cyber destruction?

DATE: 15/12/2016

Op-ed: Experts say first the US, then some of the West’s enemies, have developed the capability to shut down entire countries at the flip of a switch

In summer 2013, I attended a conference on cybersecurity at Tel Aviv University. It was there that I learned for the first time that Stuxnet — the super-sophisticated computer virus that the US and Israel allegedly managed to insert into Iran’s Natanz enrichment facility in 2010, there to play havoc with the centrifuges — had come to be regarded in the world of cyber-warfare as a terrible mistake.

Several speakers at the conference made this assertion, branding as a failure what had been widely regarded in Israel as a dazzling success — a nonmilitary strike that had set the Iranian program back by a good few months, and had planted all kinds of uncertainty in the minds of their nuclear technicians.

On the sidelines of that conference, therefore, when I interviewed Richard A Clarke, the counterterrorism chief for both Bill Clinton and George W. Bush, I asked him whether he too thought Stuxnet had been, to put it mildly, counterproductive. Absolutely, Clarke made clear.

For one thing, “the attack code was supposed to die and not get out onto the internet,” he noted, but it did. “It got out, and ran around the world.” It couldn’t harm anything else, because it had been programmed only to strike at Iran’s centrifuges, but “nonetheless it tried to attack things and people therefore grabbed it and decompiled it, so it’s taught a lot of people how to attack,” said Clarke.

In other words, the alleged US-Israel cyber-warfare breakthrough became common knowledge in that dark world, enabling others — including, it would transpire, the Iranians themselves — to learn how to conduct similar attacks.

Worse still, Clarke indicated, the fact that the attack had been discovered constituted a kind of legitimation of that form of warfare — if the US was doing it, it could hardly complain if its enemies did the same. And this in an era when defenses against cyber warfare were playing constant catch-up to try to foil attackers.

As Clarke put it, “No one really knows how to do defensive systems. The technology right now doesn’t work as well on the defense as it does on the offense. Historically, there’s this phenomenon in military science called ‘offense preference,’ where certain circumstances are created where the offense always wins… Right now and for some time now, we have been in this period of offense preference in cyber, where the offense usually wins.”


No comments: